Claims

1. A system for operating a storage area network (SAN) in a 
server environment in which multiple servers share one Fibre 
Channel adapter, the system comprising 

a SAN Management Server, 

a Fiber Channel Network providing a connection to storage 
devices, and 

a plurality of Operating System Images running in said 
server environment, 
characterized by 

a trusted SAN Management Client Unit being connected to 
said SAN Management Server, 

a Fiber Channel adapter (FC adapter),

whereby the trusted SAN Management Client Unit is 
configured to issue commands in said Fiber Channel Network in 
place of each of said Operating System Images (OS Images).

2. The system according to one of the preceding claims, 
wherein said SAN Management Server is configured to 
distinguish a first set of commands and a second set of 
commands, whereby the first set of commands are processed by 
the SM Client together with said SAN, and whereby said second 
set of commands are processed by said OS Images without access 
to said SAN. 

3. The system according to one of the preceding claims, 
wherein said SAN Management Client is configured to 
distinguish a first set of commands and a second set of 
commands, whereby the first set of commands are processed by 
the SM Client together with said SAN, and whereby said second 
set of commands are processed by said OS Images without access 
to said SAN. 

4. The system according to one of the preceding claims,
wherein the server environment includes virtual servers.

5. The system according to one of the preceding claims, 
wherein the server environment includes partitioned servers. 

6. The system according to one of the preceding claims, 
wherein said Fiber Channel adapter (FC adapter) is configured
to authenticate said trusted SAN Management Client Unit. 

7. The system according to one of the preceding claims, 
wherein said FC adapter and said SAN are adapted to restrict 
the access of the untrusted OS Images to the minimal necessary 
set of commands. 

8. The system according to one of the claims 1 to 5 wherein 
said FC adapter and a virtualization layer of the virtual 
server are adapted to restrict the access of the untrusted OS 
Images to the minimal necessary set of commands. 

9. The system according to one of the preceding claims, 
wherein only one SM Client is provided in order to keep the 
server load small. 

10. The system according to claim 8, wherein one or more 
backup SM Clients are provided to provide redundancy. 

11. The system according to one of the preceding claims, 
wherein only the SM Client is registered for receiving 
messages from the SAN and the SM Client is configured to 
forward said messages only to said SM Server. 

12. The system according to one of the preceding claims,
wherein the FC Adapter is configured to forward all messages 
generated by the SAN for which a registration is not necessary 
solely to the SM Client and not to the untrusted OS Images. 

13. The system according to one of the preceding claims, 
wherein the FC Adapter is configured to forward a copy of all 
messages generated by the SAN for which a registration is not 
necessary to the SM Client in addition to forwarding the 
original message to the untrusted OS Images. 

14. The system according to one of the preceding claims, 
wherein the server is equipped with two classes of agents, 
namely, the SM Client and a Remote Access Server (RA Server).

15. The system according to claim 14, wherein the SM server 
is equipped with repository for keeping authorization data for 
accessing the RA Server. 

16. The system according to claim 14, wherein the SM Client 
is equipped with repository for keeping authorization data for 
accessing the RA Server. 

17. The system according to one of the preceding claims, 
wherein the SM Client and the FC adapter are configured to 
gather reliable information used for billing the use of 
resources by each untrusted OS Image. 

18. The system according to one of the preceding claims, 
wherein the SM Framework is adapted to communicate with a 
Firewall control application, in order to set the access 
rights.

19. The system according to one of the preceding claims,
wherein the SM Client is adapted to function as a router for 
the requests from the SM server to the RA server. 

20. The system according to one of the preceding claims,
wherein the RA Server is formed by an existing telnet/sshd
server.

21. A method for operating a storage area network (SAN) in a 
server environment in which multiple operating system images 
share one Fibre Channel adapter, the method comprising the
steps of:

managing the SAN by a SAN Management software with at 
least a SAN Management server and at least a SAN Management 
client with a communication path to said Fibre Channel 
Adapter,

separating the requests issued by the SAN Management 
server into at least two groups, 

a first group is processed by the Fibre Channel adapter 
and the SAN on behalf of the SM client in place of other 
operating systems which share the same adapter, corresponding 
to a trusted path, and

a second group is processed by the other operating 
systems without the need to send or receive requests to or 
from the FC adapter and the SAN. 

22. The method according to claim 21, further comprising the 
step of: 

routing all information contained in unsolicited messages 
generated in the SAN and FC adapter to the SAN Manager by the 
SAN management client. 

23. The method according to claim 21 or 22, further 
comprising the step of:

using the HBA_API binding requests to modify the 
firewall. 

24. The method according to one of the claims 21 to 23, 
further comprising the step of: 

operating the communication path from the SAN Management 
client to the adapter so that it cannot be modified or 
eavesdropped by another operating system image. 

25. The method according to one of the claims 21 to 24, 
further comprising the steps of: 

accessing all information relevant for billing individual 
operating system images generated in the adapter and SAN 
only through the SAN client on the trusted path. 

26. The method according to one of the claims 21 to 25, 
further comprising the step of: 

said SM server providing authorization data to the SM 
client to execute requests from said first group. 

27. The method according to one of the claims 21 to 26, 
further comprising the step of: 

said SM server and SM client providing authorization data 
to the other OS images to execute requests from said second 
group.

28. The method according to one of the claims 21 to 27, 
further comprising the step of: 

operating the OS images so that they are only enabled to 
execute a limited command set in the SAN. 

29. A computer program product stored on a computer usable
medium, comprising computer readable program means for causing
a computer to perform a method according to any one of the
preceding claims 21 to 28.



